Configure PyPI upload to use trusted publishing #183
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and publish | |
on: | |
push: | |
pull_request: | |
jobs: | |
build: | |
name: Build and check package | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v4 | |
with: {python-version: 3.x} | |
- run: pip install wheel twine flake8 setuptools | |
- run: flake8 | |
- run: python setup.py sdist bdist_wheel | |
- run: twine check dist/* | |
- uses: actions/upload-artifact@v3 | |
with: {name: dist, path: dist/} | |
pypi: | |
name: Upload to pypi.org | |
needs: build | |
runs-on: ubuntu-latest | |
if: startsWith(github.ref, 'refs/tags') | |
permissions: | |
id-token: write | |
steps: | |
- uses: actions/download-artifact@v3 | |
with: {name: dist} | |
- uses: pypa/gh-action-pypi-publish@release/v1 | |
docker: | |
name: Upload to hub.docker.com | |
runs-on: ubuntu-latest | |
steps: | |
- uses: docker/setup-qemu-action@v3 | |
- uses: docker/setup-buildx-action@v3 | |
- uses: docker/login-action@v3 | |
with: | |
username: coldfix | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- uses: docker/build-push-action@v5 | |
with: | |
platforms: linux/amd64 | |
build-args: FROM=certbot/certbot:latest | |
load: true | |
tags: | | |
coldfix/certbot-dns-netcup:amd64-latest | |
coldfix/certbot-dns-netcup:amd64-${{ github.ref_name }} | |
- uses: docker/build-push-action@v5 | |
with: | |
platforms: linux/arm64 | |
build-args: FROM=certbot/certbot:arm64v8-latest | |
load: true | |
tags: | | |
coldfix/certbot-dns-netcup:arm64-latest | |
coldfix/certbot-dns-netcup:arm64-${{ github.ref_name }} | |
# push multi-arch images: | |
- run: docker push -a coldfix/certbot-dns-netcup | |
if: startsWith(github.ref, 'refs/tags/v') | |
- run: docker manifest create | |
coldfix/certbot-dns-netcup:latest | |
coldfix/certbot-dns-netcup:amd64-latest | |
coldfix/certbot-dns-netcup:arm64-latest | |
if: startsWith(github.ref, 'refs/tags/v') | |
- run: docker manifest push coldfix/certbot-dns-netcup:latest | |
if: startsWith(github.ref, 'refs/tags/v') | |
- run: docker manifest create | |
coldfix/certbot-dns-netcup:${{ github.ref_name }} | |
coldfix/certbot-dns-netcup:amd64-${{ github.ref_name }} | |
coldfix/certbot-dns-netcup:arm64-${{ github.ref_name }} | |
if: startsWith(github.ref, 'refs/tags/v') | |
- run: docker manifest push coldfix/certbot-dns-netcup:${{ github.ref_name }} | |
if: startsWith(github.ref, 'refs/tags/v') | |
snap: | |
name: Upload to snapcraft.io | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: snapcore/action-build@v1 | |
id: build | |
- uses: snapcore/action-publish@v1 | |
if: startsWith(github.ref, 'refs/tags/v') | |
env: | |
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }} | |
with: | |
snap: ${{ steps.build.outputs.snap }} | |
release: stable |